curl-users
http digest input parse fix
Date: Fri, 30 Jul 2004 13:33:53 -0700
Curl_input_digest adds a hardcoded 3 to totlen assuming that there are
always quotes around the content.
Here is a patch to fix it.
--- http_digest.c 2004-07-30 13:09:00.005855500 -0700
+++ http_digest.new.c 2004-07-30 13:10:06.631708300 -0700
@@ -168,15 +168,19 @@
else {
/* unknown specifier, ignore it! */
}
- totlen = strlen(value)+strlen(content)+3;
+ totlen = strlen(value)+strlen(content)+1; /* 1 for '= */
}
else
break; /* we're done here */
header += totlen;
+ while( *header && ',' != *header )
+ header ++;
if(',' == *header)
/* allow the list to be comma-separated */
header++;
+ else
+ break;
}
/* We had a nonce since before, and we got another one now without
'stale=true'. This means we provided bad credentials in the
previou
Received on 2004-07-30